Configure Hysteria on Ubuntu Server

Install or update to the latest version:

bash <(curl -fsSL https://get.hy2.sh/)

Remove Hysteria:

bash <(curl -fsSL https://get.hy2.sh/) --remove
nano /etc/hysteria/config.yaml
listen: :443 

acme:
  domains:
    - example.com    
  email: [email protected] 

auth:
  type: password
  password: password

quic:
  initStreamReceiveWindow: 8388608 
  maxStreamReceiveWindow: 8388608 
  initConnReceiveWindow: 20971520 
  maxConnReceiveWindow: 20971520 
  maxIdleTimeout: 30s 
  maxIncomingStreams: 1024 
  disablePathMTUDiscovery: false 

acl:
  inline: 
    - reject(geoip:ir)
  # geoip: GeoLite2-Country.mmdb 


disableUDP: false
udpIdleTimeout: 60s

+ Take a look at the differences between Hysteria 2 and Hysteria 1 at https://hysteria.network/docs/misc/2-vs-1/
+ Check out the quick server config guide at https://hysteria.network/docs/getting-started/Server/
+ Edit server config file at /etc/hysteria/config.yaml
+ Start your hysteria server with systemctl start hysteria-server.service
+ Configure hysteria start on system boot with systemctl enable hysteria-server.service

References
https://v2.hysteria.network/docs/getting-started/Installation/

Install V2Ray on Linux

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

/etc/systemd/system/v2ray.service

[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=user. Target
installed: /usr/local/bin/v2ray
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/[email protected]
systemctl enable v2ray; systemctl start v2ray

Remove V2Ray

# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove

References
https://github.com/v2fly/fhs-install-v2ray

Pass Google Traffic through WARP with V2ray in Ubuntu

Install warp-cli

curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
sudo apt update
sudo apt install cloudflare-warp

Run warp-cli in proxy mode

warp-cli --accept-tos register
warp-cli --accept-tos set-mode proxy
warp-cli --accept-tos set-proxy-port 40040
warp-cli --accept-tos connect
warp-cli --accept-tos enable-always-on

Configure xray

nano /usr/local/etc/xray/config.json
"outbounds": [
    {
        "protocol": "socks", 
        "settings": { 
            "servers":[
                {
                    "address":"127.0.0.1",
                    "port":40040
                }
            ]
        }, 
        "tag": "warp"
    }
],
"routing": {
    "domainStrategy": "AsIs",
    "rules": [
        {
            "type":"field",
            "domain":[
                "domain:google.com"
            ],
            "outboundTag": "warp"
        }
    ]
},

References
https://developers.cloudflare.com/warp-client/get-started/linux
https://pkg.cloudflareclient.com/install

Install Xray + VLESS + WS + TLS + Apache + CDN on Ubuntu

Install required Ubuntu packages

apt install -y chrony
timedatectl set-ntp true
systemctl enable chrony && systemctl restart chrony
timedatectl set-timezone Asia/Tehran
chronyc sourcestats -v
chronyc tracking -v
date

Install Certbot

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone

result

# Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
# Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem

Xray

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
# xray remove
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge
# /etc/systemd/system/xray.service
# /usr/local/bin/xray run -config /usr/local/etc/xray/config.json
nano /usr/local/etc/xray/config.json
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 10002,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "559f6df4-0a3c-4f5f-bb95-d17888b16361",
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "path": "/xray"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom", 
            "settings": { }, 
            "tag": "direct"
        }, 
        {
            "protocol": "blackhole", 
            "settings": { }, 
            "tag": "blocked"
        }
    ],
    "dns": {
    "servers": [
      "https+local://1.1.1.1/dns-query",
      "1.1.1.1",
      "1.0.0.1",
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  }
}

Xray Dat Path

/usr/local/share/xray

Apache

nano /etc/apache2/apache2.conf
<VirtualHost *:80>
    Servername example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URL} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    # change your domain
    ServerName example.com
    # you may have a different root
    DocumentRoot /var/www/
    # the SSL configuration enable https for your site and it’s also required by shadowsocks + v2ray
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/example.com/privkey.pem
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL
    <Location "/xray">
    ProxyPass ws://127.0.0.1:10002/xray
    ProxyAddHeaders Off
    ProxyPreserveHost On
    RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</VirtualHost>

References
https://github.com/XTLS/Xray-core
https://github.com/XTLS/Xray-examples
https://github.com/v2fly/v2ray-examples
https://github.com/XTLS/Xray-install

Configure Shadowsocks + V2ray + TLS + Apache + CDN on Ubuntu

Shadowsocks

nano /etc/shadowsocks/config.json
{
    "server":"127.0.0.1",
    "server_port":10001,
    "password":"password",
    "mode":"tcp_only",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "plugin":"v2ray-plugin_linux_amd64",
    "plugin_opts":"server;path=/ss;loglevel=none", # loglevel=debug
    "nameserver":"1.1.1.1"
}

Apache

nano /etc/apache2/apache2.conf
<VirtualHost *:80>
    Servername example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URL} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    # change your domain
    ServerName example.com
    # you may have a different root
    DocumentRoot /var/www/

    # the SSL configuration enable https for your site and it’s also required by shadowsocks + v2ray
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/example.com/privkey.pem

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL

    <Location "/ss">
    ProxyPass ws://127.0.0.1:10001/ss
    ProxyAddHeaders Off
    ProxyPreserveHost On
    RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</VirtualHost>

 

References
https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
https://big533.cc/wordpress/index.php/2020/01/03/v2ray-setup-with-websocket-tls-using-apache/
https://github.com/KonaisPC/v2ray-apache-ws/blob/master/v2ray-apache.sh

Install Shadowsocks + V2ray + TLS + CDN on Ubuntu

Install required Ubuntu packages

apt update
apt install -y --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake libssl-dev gawk debhelper init-system-helpers pkg-config apg zlib1g-dev libudns-dev libsodium-dev libmbedtls-dev haveged

Install Certbot

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Get a certificate for your domain :

sudo certbot certonly --standalone

result

# Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
# Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem

Download shadowsocks-rust

wget https://github.com/shadowsocks/shadowsocks-rust/releases/download/v1.17.1/shadowsocks-v1.17.1.x86_64-unknown-linux-gnu.tar.xz
tar -xf shadowsocks-v1.17.1.x86_64-unknown-linux-gnu.tar.xz

Or download latest version here https://github.com/shadowsocks/shadowsocks-rust

Download v2ray-plugin

wget https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.2/v2ray-plugin-linux-amd64-v1.3.2.tar.gz
tar -xzvf v2ray-plugin-linux-amd64-v1.3.2.tar.gz

Or download latest version here https://github.com/shadowsocks/v2ray-plugin

Move files

mv sslocal ssserver ssurl ssmanager ssservice v2ray-plugin_linux_amd64 /usr/local/bin/

Configuration

mkdir -p /etc/shadowsocks
touch /etc/shadowsocks/config.json
nano /etc/shadowsocks/config.json
{
    "server":"0.0.0.0",
    "server_port":443,
    "password":"password",
    "mode":"tcp_only",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "plugin":"v2ray-plugin_linux_amd64",
    "plugin_opts":"server;tls;cert=/etc/letsencrypt/live/example.com/fullchain.pem;key=/etc/letsencrypt/live/example.com/privkey.pem;host=example.com;path=/;loglevel=none",
    "nameserver":"1.1.1.1"
}

replace example.com with your domain in configuarion

Create Systemd service

touch /lib/systemd/system/shadowsocks.service
nano /lib/systemd/system/shadowsocks.service
[Unit]
Description=Shadowsocks Server Service
After=network.target
[Service]
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
systemctl enable shadowsocks.service
systemctl start shadowsocks.service
journalctl -u shadowsocks.service -f

References
https://github.com/M3chD09/shadowsocks-with-v2ray-plugin-install

Set Up WireGuard VPN on Ubuntu 18.04

Server Installation

wget https://raw.githubusercontent.com/complexorganizations/wireguard-install/master/wireguard-server.sh -P /etc/wireguard/
bash /etc/wireguard/wireguard-server.sh

Client Installation

wget https://raw.githubusercontent.com/complexorganizations/wireguard-install/master/wireguard-client.sh -P /etc/wireguard/
bash /etc/wireguard/wireguard-client.sh

Or

apt-get update
apt-get install software-properties-common -y
add-apt-repository ppa:wireguard/wireguard -y
apt-get update
apt-get install linux-headers-"$(uname -r)" -y
apt-get install wireguard qrencode haveged resolvconf -y

Run Client

# Install the config file to the WireGuard configuration directory on your
# Linux client:
sudo install -o root -g root -m 600 <username>.conf /etc/wireguard/wg0.conf

# Start the WireGuard VPN:
sudo systemctl start wg-quick@wg0

# Check that it started properly:
sudo systemctl status wg-quick@wg0

# Verify the connection to the AlgoVPN:
sudo wg

# See that your client is using the IP address of your AlgoVPN:
curl ipv4.icanhazip.com

# Optionally configure the connection to come up at boot time:
sudo systemctl enable wg-quick@wg0

References
https://github.com/complexorganizations/wireguard-install
https://trailofbits.github.io/algo/client-linux-wireguard.html